Looking for direction - network directory interoperability - Technology Information

Communications News, Oct, 1999 by Morris Edwards

A new forum tasks the industry with directory interoperability.

As enterprises grow in size and complexity, network managers will increasingly need a centralized directory that can manage everything from network devices and applications to user security rights.

Directories are repositories, or databases, containing the information network managers need to locate and identify users and resources on the network and to administer all changes to the data. Typically, a directory might include the names, e-mail addresses, and phone numbers of users, their passwords and access rights to applications, and details of network devices and applications. The data is represented as objects in a hierarchical tree that can be set up to mirror a company's organizational chart, making it easier for the network manager to handle change and expansion.

Adding, deleting, and changing network users can be a costly and time-consuming chore with today's distributed networks. Directories allow one person to perform this task across the enterprise, rather than requiring local administrators to handle the chore for users in their jurisdiction. Likewise, adding, deleting, and changing server-based resources, such as printers, file access, and applications, is much simpler since the process can be performed in one step and with groups of users rather than one at a time.

Directories also help with such functions as applying quality of service and user access policies to network devices. Mission-critical applications can be given top priority for network capacity and access rights changed or terminated when the user switches jobs or leaves the company.

With extranets and e-commerce sites, directories become even more useful. By giving each user a digital persona that can be readily authenticated, for instance, directories provide the trusted relationships needed for e-commerce. They also allow organizations to authenticate partners, suppliers, and third-party providers using extranets, keeping their transactions secure. What's more, directories make it easier to integrate e-commerce sites with back-office systems.

As the number of applications and processes that use directory information grows, organizations are finding they rely on more and more directories, each containing a variety of information on users, applications, and network resources. A typical Fortune 500 company may maintain over 100 separate directories for email accounts, phone numbers, network devices, and security. Integrating the directories and creating a unified structure has become an important challenge.

INTEROPERABILITY GOAL

In response, several industry leaders, including IBM, Novell, Oracle, and Lotus Development, have joined forces to form the Directory Interoperability Forum (DIF), with the intent to expedite development of cross-platform, directory-based applications and the network architectures to support them. In addition, forum members plan to introduce a software development kit by year's end to encourage independent software vendors to build specialized applications to access the directories.

A standard called the lightweight directory access protocol (LDAP) has been widely adopted for interoperability, but it lacks sophisticated features, such as the ability to replicate changes in directory-stored information across various types of directory software. Forum members plan to develop a companion standard, the lightweight directory update protocol (LDUP) to enable LDAP systems to replicate and update data across servers. They will also work with existing bodies, such as the Internet Engineering Task Force and the Desktop Management Task Force, to hasten the adoption of directory standards.

Several networking vendors, including AT&T, Cisco Systems, and Lucent Technologies, have endorsed the effort. Noticeably absent from the list is Microsoft Corp., which plans to release its own Active Directory later this year as part of its Windows 2000 Server operating system. Microsoft has also acquired Zoomit Corp., a metadirectory company whose software it plans to integrate into Windows 2000.

While products, such as Active Directory, can provide directory services for a host of applications and systems, they may not be able to handle all of an enterprise's e-mail, operating system, and applications directories, not to mention third-party network and human-resource databases. This limitation has led to metadirectories like the one from Zoomit that collect data from a variety of directories and databases into a single repository, effectively creating a single master directory for the enterprise.

Microsoft plans to integrate the Zoomit technology with Active Directory to gather data from directories, address books, databases, and repositories into one metadirectory, with the ability to "push" information on adds, deletes, and changes to the appropriate systems. However, the integration will not take place until next year to avoid delaying this year's initial release of Active Directory.